Security audit

FBoxMCP

Security checks across malware telemetry and agentic risk

Overview

FBoxMCP is a disclosed industrial-IoT management skill with sensitive device-control capabilities, but its artifacts keep those capabilities purpose-aligned and include confirmation requirements for state-changing actions.

Install only if you are authorized to manage the relevant FBox devices. Use least-privilege API keys, keep them out of logs and repositories, verify the FBox MCP endpoint and GitHub source, and require human review before any PLC write, alarm acknowledgement, VNC session, or precise location lookup on production equipment.

SkillSpector (by NVIDIA)
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The README advertises PLC point writes, alarm acknowledgements, and remote VNC access but does not warn that these are state-changing or operationally sensitive actions. In an industrial IoT context, normalizing such actions without confirmation, role restrictions, or safety guidance can lead users or agents to trigger unsafe changes on live equipment, suppress alarms, or open remote control surfaces with real operational consequences.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The skill trigger description is overly broad and includes generic terms like device status, monitoring points, sensor values, alarms, history data, remote monitoring, and operations-related language. In a high-risk industrial IoT context, this can cause the skill to activate for loosely related conversations and expose operational device data or enable pathways toward sensitive actions such as alarm handling, PLC point writes, or VNC access without the user explicitly intending to use this skill.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The documentation exposes access to precise device geolocation and address data, including both device-reported and user-set coordinates, without any warning about privacy sensitivity, consent expectations, or access restrictions. In an industrial IoT context, location data can reveal the physical whereabouts of operational assets and facilities, which increases surveillance, targeting, and operational security risks if surfaced to unauthorized users or mishandled by the agent.
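The Overview recommends human review before any PLC write, alarm acknowledgement, VNC session, or precise location lookup, and the first and third findings above describe what happens when such calls are normalized without that gate. The following is an added example from the editor, not code from FBoxMCP or from this audit: a policy gate that an MCP host could place between the agent and the skill's tools. It default-denies tools it does not know, refuses devices outside the operator's authorization, withholds state-changing calls on production devices and all precise-location calls until a human has confirmed them, and writes only a credential-redacted form of the arguments to its audit log. The tool names (`read_point`, `write_point`, `acknowledge_alarm`, `open_vnc_session`, `get_device_location`, and so on), the device IDs, and the `human_confirmed` flag are hypothetical stand-ins for the capability classes the audit lists, not FBoxMCP's real identifiers.

```python
import re
from dataclasses import dataclass, field

# Hypothetical tool names standing in for the capability classes the audit
# describes; they are NOT FBoxMCP's real tool identifiers.
READ_ONLY = {"get_device_status", "list_points", "read_point", "get_history"}
STATE_CHANGING = {"write_point", "acknowledge_alarm", "open_vnc_session"}
PRIVACY_SENSITIVE = {"get_device_location"}

# key=value pairs whose key looks like a credential; used for log redaction.
_SECRET_RE = re.compile(r"(?i)\b(api[_-]?key|token|secret|password)=([^&\s]+)")


class PolicyError(Exception):
    """Raised when a tool call is denied outright."""


def redact(text: str) -> str:
    """Mask credential-looking values so an API key never lands in a log line."""
    return _SECRET_RE.sub(lambda m: f"{m.group(1)}=<redacted>", text)


@dataclass
class ToolGate:
    authorized_devices: set          # devices this operator may manage at all
    production_devices: set          # subset where state changes need sign-off
    audit_log: list = field(default_factory=list)

    def authorize(self, tool: str, args: dict, human_confirmed: bool = False) -> str:
        """Return "allow", or "confirm" (call is withheld until a human approves).

        Raises PolicyError to deny.  Unknown tools are denied (default-deny), as
        are calls naming a device outside the operator's authorization.
        """
        device = args.get("device_id")
        if device not in self.authorized_devices:
            self._log(tool, args, "deny:unauthorized-device")
            raise PolicyError(f"device {device!r} is outside the operator's authorization")

        if tool in READ_ONLY:
            decision = "allow"
        elif tool in PRIVACY_SENSITIVE:
            # Precise geolocation is always a human decision, production or not.
            decision = "allow" if human_confirmed else "confirm"
        elif tool in STATE_CHANGING:
            # PLC writes, alarm acks and VNC sessions on production gear wait for review.
            if device in self.production_devices and not human_confirmed:
                decision = "confirm"
            else:
                decision = "allow"
        else:
            self._log(tool, args, "deny:unknown-tool")
            raise PolicyError(f"tool {tool!r} is not on the allowlist")

        self._log(tool, args, decision)
        return decision

    def _log(self, tool: str, args: dict, decision: str) -> None:
        # Serialize as k=v so redact() can mask secret-looking arguments.
        rendered = " ".join(f"{k}={v}" for k, v in args.items())
        self.audit_log.append((tool, redact(rendered), decision))


def demo() -> list:
    """Constructed walk-through: plc-7 is production, plc-9 is a test bench."""
    gate = ToolGate(authorized_devices={"plc-7", "plc-9"}, production_devices={"plc-7"})
    calls = [
        ("read_point", {"device_id": "plc-7", "point": "Tank1.Level"}, False),
        ("write_point", {"device_id": "plc-7", "point": "Pump1.Run", "value": 1}, False),
        ("write_point", {"device_id": "plc-7", "point": "Pump1.Run", "value": 1}, True),
        ("write_point", {"device_id": "plc-9", "point": "Pump1.Run", "value": 1}, False),
        ("get_device_location", {"device_id": "plc-9", "api_key": "s3cr3t"}, False),
    ]
    return [gate.authorize(t, a, human_confirmed=c) for t, a, c in calls]


if __name__ == "__main__":
    print(demo())
```

The host, not the model, must supply `human_confirmed`; if the agent can set it from the tool arguments, the gate degrades to a warning. The production/non-production split follows the Overview's wording; a stricter deployment would treat every device in `STATE_CHANGING` calls as production.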

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.